Version 255~rc1
- See https://raw.githubusercontent.com/systemd/systemd/v255-rc1/NEWS
- All the files and services related to pcrs are moved to the -udev subpackage. This includes the new systemd-pcrlock binary.
		
							parent
							
								
									a9b4725785
								
							
						
					
					
						commit
						e8cc280d45
					
				| @ -1,243 +0,0 @@ | |||||||
| From df25afd2cf5527fe1bb542bb146fef1be8d9a489 Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Lennart Poettering <lennart@poettering.net> |  | ||||||
| Date: Sat, 9 Sep 2023 14:46:32 +0200 |  | ||||||
| Subject: [PATCH 1/3] core: add new "PollLimit" settings to .socket units |  | ||||||
| 
 |  | ||||||
| This adds a new "PollLimit" pair of settings to .socket units, very |  | ||||||
| similar to existing "TriggerLimit" logic. The differences are: |  | ||||||
| 
 |  | ||||||
| * PollLimit focusses on the polling on the sockets, and pauses that |  | ||||||
|   temporarily if a ratelimit on that is reached. TriggerLimit otoh |  | ||||||
|   focusses on the triggering effect of socket units, and stops |  | ||||||
|   triggering once the ratelimit is hit. |  | ||||||
| 
 |  | ||||||
| * While the trigger limit being hit is an action that causes the socket |  | ||||||
|   unit to fail the polling limit being reached will just temporarily |  | ||||||
|   disable polling on the socket fd, and it is resumed once the ratelimit |  | ||||||
|   interval is over. |  | ||||||
| 
 |  | ||||||
| * When a socket unit operates on multiple socket fds (e,g, ListenStream= |  | ||||||
|   on both some ipv6 and an ipv4 address or so). Then the PollLimit will |  | ||||||
|   be specific to each fd, while the trigger limit is specific to the |  | ||||||
|   whole unit. |  | ||||||
| 
 |  | ||||||
| Implementation-wise this is mostly a wrapper around sd-event's |  | ||||||
| sd_event_source_set_ratelimit(), which exposes the desired behaviour |  | ||||||
| directly. |  | ||||||
| 
 |  | ||||||
| Usecase for all of this: socket services which when overloaded with |  | ||||||
| connections should just slow down reception of it, but not fail |  | ||||||
| persistently. |  | ||||||
| 
 |  | ||||||
| (cherry picked from commit 2bec84e7a5bf3687ae65205753ba3d8067cf2f0e) |  | ||||||
| ---
 |  | ||||||
|  man/org.freedesktop.systemd1.xml      | 12 ++++++++++ |  | ||||||
|  src/core/dbus-socket.c                |  8 +++++++ |  | ||||||
|  src/core/load-fragment-gperf.gperf.in |  2 ++ |  | ||||||
|  src/core/socket.c                     | 32 +++++++++++++++++++-------- |  | ||||||
|  src/core/socket.h                     |  2 ++ |  | ||||||
|  src/shared/bus-unit-util.c            | 10 +++++---- |  | ||||||
|  6 files changed, 53 insertions(+), 13 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
 |  | ||||||
| index 56906e2f3b..0557dc2379 100644
 |  | ||||||
| --- a/man/org.freedesktop.systemd1.xml
 |  | ||||||
| +++ b/man/org.freedesktop.systemd1.xml
 |  | ||||||
| @@ -4727,6 +4727,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 |  | ||||||
|        readonly t TriggerLimitIntervalUSec = ...; |  | ||||||
|        @org.freedesktop.DBus.Property.EmitsChangedSignal("const") |  | ||||||
|        readonly u TriggerLimitBurst = ...; |  | ||||||
| +      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
 |  | ||||||
| +      readonly t PollLimitIntervalUSec = ...;
 |  | ||||||
| +      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
 |  | ||||||
| +      readonly u PollLimitBurst = ...;
 |  | ||||||
|        readonly u UID = ...; |  | ||||||
|        readonly u GID = ...; |  | ||||||
|        @org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates") |  | ||||||
| @@ -5961,6 +5965,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 |  | ||||||
|   |  | ||||||
|      <variablelist class="dbus-property" generated="True" extra-ref="TriggerLimitBurst"/> |  | ||||||
|   |  | ||||||
| +    <variablelist class="dbus-property" generated="True" extra-ref="PollLimitIntervalUSec"/>
 |  | ||||||
| +
 |  | ||||||
| +    <variablelist class="dbus-property" generated="True" extra-ref="PollLimitBurst"/>
 |  | ||||||
| +
 |  | ||||||
|      <variablelist class="dbus-property" generated="True" extra-ref="UID"/> |  | ||||||
|   |  | ||||||
|      <variablelist class="dbus-property" generated="True" extra-ref="GID"/> |  | ||||||
| @@ -6497,6 +6505,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 |  | ||||||
|   |  | ||||||
|      <!--End of Autogenerated section--> |  | ||||||
|   |  | ||||||
| +    <para><varname>PollLimitIntervalUSec</varname>/<varname>PollLimitBurst</varname> properties configure the
 |  | ||||||
| +    polling limit for the socket unit. Expects a time in µs, resp. an unsigned integer. If either is set to
 |  | ||||||
| +    zero the limiting feature is turned off.</para>
 |  | ||||||
| +
 |  | ||||||
|      <refsect2> |  | ||||||
|        <title>Properties</title> |  | ||||||
|   |  | ||||||
| diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
 |  | ||||||
| index 09a3a9502b..04552b7c60 100644
 |  | ||||||
| --- a/src/core/dbus-socket.c
 |  | ||||||
| +++ b/src/core/dbus-socket.c
 |  | ||||||
| @@ -129,6 +129,8 @@ const sd_bus_vtable bus_socket_vtable[] = {
 |  | ||||||
|          SD_BUS_PROPERTY("SocketProtocol", "i", bus_property_get_int, offsetof(Socket, socket_protocol), SD_BUS_VTABLE_PROPERTY_CONST), |  | ||||||
|          SD_BUS_PROPERTY("TriggerLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, trigger_limit.interval), SD_BUS_VTABLE_PROPERTY_CONST), |  | ||||||
|          SD_BUS_PROPERTY("TriggerLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, trigger_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST), |  | ||||||
| +        SD_BUS_PROPERTY("PollLimitIntervalUSec", "t", bus_property_get_usec, offsetof(Socket, poll_limit_interval), SD_BUS_VTABLE_PROPERTY_CONST),
 |  | ||||||
| +        SD_BUS_PROPERTY("PollLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, poll_limit_burst), SD_BUS_VTABLE_PROPERTY_CONST),
 |  | ||||||
|          SD_BUS_PROPERTY("UID", "u", bus_property_get_uid, offsetof(Unit, ref_uid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), |  | ||||||
|          SD_BUS_PROPERTY("GID", "u", bus_property_get_gid, offsetof(Unit, ref_gid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), |  | ||||||
|          BUS_EXEC_COMMAND_LIST_VTABLE("ExecStartPre", offsetof(Socket, exec_command[SOCKET_EXEC_START_PRE]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION), |  | ||||||
| @@ -248,6 +250,9 @@ static int bus_socket_set_transient_property(
 |  | ||||||
|          if (streq(name, "TriggerLimitBurst")) |  | ||||||
|                  return bus_set_transient_unsigned(u, name, &s->trigger_limit.burst, message, flags, error); |  | ||||||
|   |  | ||||||
| +        if (streq(name, "PollLimitBurst"))
 |  | ||||||
| +                return bus_set_transient_unsigned(u, name, &s->poll_limit_burst, message, flags, error);
 |  | ||||||
| +
 |  | ||||||
|          if (streq(name, "SocketMode")) |  | ||||||
|                  return bus_set_transient_mode_t(u, name, &s->socket_mode, message, flags, error); |  | ||||||
|   |  | ||||||
| @@ -275,6 +280,9 @@ static int bus_socket_set_transient_property(
 |  | ||||||
|          if (streq(name, "TriggerLimitIntervalUSec")) |  | ||||||
|                  return bus_set_transient_usec(u, name, &s->trigger_limit.interval, message, flags, error); |  | ||||||
|   |  | ||||||
| +        if (streq(name, "PollLimitIntervalUSec"))
 |  | ||||||
| +                return bus_set_transient_usec(u, name, &s->poll_limit_interval, message, flags, error);
 |  | ||||||
| +
 |  | ||||||
|          if (streq(name, "SmackLabel")) |  | ||||||
|                  return bus_set_transient_string(u, name, &s->smack, message, flags, error); |  | ||||||
|   |  | ||||||
| diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in
 |  | ||||||
| index b66adf2811..0d1ee9c231 100644
 |  | ||||||
| --- a/src/core/load-fragment-gperf.gperf.in
 |  | ||||||
| +++ b/src/core/load-fragment-gperf.gperf.in
 |  | ||||||
| @@ -507,6 +507,8 @@ Socket.FileDescriptorName,               config_parse_fdname,
 |  | ||||||
|  Socket.Service,                          config_parse_socket_service,                 0,                                  0 |  | ||||||
|  Socket.TriggerLimitIntervalSec,          config_parse_sec,                            0,                                  offsetof(Socket, trigger_limit.interval) |  | ||||||
|  Socket.TriggerLimitBurst,                config_parse_unsigned,                       0,                                  offsetof(Socket, trigger_limit.burst) |  | ||||||
| +Socket.PollLimitIntervalSec,             config_parse_sec,                            0,                                  offsetof(Socket, poll_limit_interval)
 |  | ||||||
| +Socket.PollLimitBurst,                   config_parse_unsigned,                       0,                                  offsetof(Socket, poll_limit_burst)
 |  | ||||||
|  {% if ENABLE_SMACK %} |  | ||||||
|  Socket.SmackLabel,                       config_parse_unit_string_printf,             0,                                  offsetof(Socket, smack) |  | ||||||
|  Socket.SmackLabelIPIn,                   config_parse_unit_string_printf,             0,                                  offsetof(Socket, smack_ip_in) |  | ||||||
| diff --git a/src/core/socket.c b/src/core/socket.c
 |  | ||||||
| index 75034ac357..dc18744f54 100644
 |  | ||||||
| --- a/src/core/socket.c
 |  | ||||||
| +++ b/src/core/socket.c
 |  | ||||||
| @@ -101,6 +101,9 @@ static void socket_init(Unit *u) {
 |  | ||||||
|   |  | ||||||
|          s->trigger_limit.interval = USEC_INFINITY; |  | ||||||
|          s->trigger_limit.burst = UINT_MAX; |  | ||||||
| +
 |  | ||||||
| +        s->poll_limit_interval = USEC_INFINITY;
 |  | ||||||
| +        s->poll_limit_burst = UINT_MAX;
 |  | ||||||
|  } |  | ||||||
|   |  | ||||||
|  static void socket_unwatch_control_pid(Socket *s) { |  | ||||||
| @@ -310,17 +313,20 @@ static int socket_add_extras(Socket *s) {
 |  | ||||||
|           * off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to |  | ||||||
|           * process whatever is queued in one go, and thus should normally never have to be started frequently. This is |  | ||||||
|           * different for Accept=yes where each connection is processed by a new service instance, and thus frequent |  | ||||||
| -         * service starts are typical. */
 |  | ||||||
| +         * service starts are typical.
 |  | ||||||
| +         *
 |  | ||||||
| +         * For the poll limit we follow a similar rule, but use 3/4th of the trigger limit parameters, to
 |  | ||||||
| +         * trigger this earlier. */
 |  | ||||||
|   |  | ||||||
|          if (s->trigger_limit.interval == USEC_INFINITY) |  | ||||||
|                  s->trigger_limit.interval = 2 * USEC_PER_SEC; |  | ||||||
| +        if (s->trigger_limit.burst == UINT_MAX)
 |  | ||||||
| +                s->trigger_limit.burst = s->accept ? 200 : 20;
 |  | ||||||
|   |  | ||||||
| -        if (s->trigger_limit.burst == UINT_MAX) {
 |  | ||||||
| -                if (s->accept)
 |  | ||||||
| -                        s->trigger_limit.burst = 200;
 |  | ||||||
| -                else
 |  | ||||||
| -                        s->trigger_limit.burst = 20;
 |  | ||||||
| -        }
 |  | ||||||
| +        if (s->poll_limit_interval == USEC_INFINITY)
 |  | ||||||
| +                s->poll_limit_interval = 2 * USEC_PER_SEC;
 |  | ||||||
| +        if (s->poll_limit_burst == UINT_MAX)
 |  | ||||||
| +                s->poll_limit_burst = s->accept ? 150 : 15;
 |  | ||||||
|   |  | ||||||
|          if (have_non_accept_socket(s)) { |  | ||||||
|   |  | ||||||
| @@ -770,9 +776,13 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
 |  | ||||||
|   |  | ||||||
|          fprintf(f, |  | ||||||
|                  "%sTriggerLimitIntervalSec: %s\n" |  | ||||||
| -                "%sTriggerLimitBurst: %u\n",
 |  | ||||||
| +                "%sTriggerLimitBurst: %u\n"
 |  | ||||||
| +                "%sPollLimitIntervalSec: %s\n"
 |  | ||||||
| +                "%sPollLimitBurst: %u\n",
 |  | ||||||
|                  prefix, FORMAT_TIMESPAN(s->trigger_limit.interval, USEC_PER_SEC), |  | ||||||
| -                prefix, s->trigger_limit.burst);
 |  | ||||||
| +                prefix, s->trigger_limit.burst,
 |  | ||||||
| +                prefix, FORMAT_TIMESPAN(s->poll_limit_interval, USEC_PER_SEC),
 |  | ||||||
| +                prefix, s->poll_limit_burst);
 |  | ||||||
|   |  | ||||||
|          str = ip_protocol_to_name(s->socket_protocol); |  | ||||||
|          if (str) |  | ||||||
| @@ -1765,6 +1775,10 @@ static int socket_watch_fds(Socket *s) {
 |  | ||||||
|   |  | ||||||
|                          (void) sd_event_source_set_description(p->event_source, "socket-port-io"); |  | ||||||
|                  } |  | ||||||
| +
 |  | ||||||
| +                r = sd_event_source_set_ratelimit(p->event_source, s->poll_limit_interval, s->poll_limit_burst);
 |  | ||||||
| +                if (r < 0)
 |  | ||||||
| +                        log_unit_debug_errno(UNIT(s), r, "Failed to set poll limit on I/O event source, ignoring: %m");
 |  | ||||||
|          } |  | ||||||
|   |  | ||||||
|          return 0; |  | ||||||
| diff --git a/src/core/socket.h b/src/core/socket.h
 |  | ||||||
| index 191d27f46d..b03a291e4a 100644
 |  | ||||||
| --- a/src/core/socket.h
 |  | ||||||
| +++ b/src/core/socket.h
 |  | ||||||
| @@ -158,6 +158,8 @@ struct Socket {
 |  | ||||||
|          char *fdname; |  | ||||||
|   |  | ||||||
|          RateLimit trigger_limit; |  | ||||||
| +        usec_t poll_limit_interval;
 |  | ||||||
| +        unsigned poll_limit_burst;
 |  | ||||||
|  }; |  | ||||||
|   |  | ||||||
|  SocketPeer *socket_peer_ref(SocketPeer *p); |  | ||||||
| diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
 |  | ||||||
| index e7b44cc39b..9f0f37488d 100644
 |  | ||||||
| --- a/src/shared/bus-unit-util.c
 |  | ||||||
| +++ b/src/shared/bus-unit-util.c
 |  | ||||||
| @@ -2170,10 +2170,10 @@ static int bus_append_path_property(sd_bus_message *m, const char *field, const
 |  | ||||||
|                  return 1; |  | ||||||
|          } |  | ||||||
|   |  | ||||||
| -        if (streq(field, "TriggerLimitBurst"))
 |  | ||||||
| +        if (STR_IN_SET(field, "TriggerLimitBurst", "PollLimitBurst"))
 |  | ||||||
|                  return bus_append_safe_atou(m, field, eq); |  | ||||||
|   |  | ||||||
| -        if (streq(field, "TriggerLimitIntervalSec"))
 |  | ||||||
| +        if (STR_IN_SET(field, "TriggerLimitIntervalSec", "PollLimitIntervalSec"))
 |  | ||||||
|                  return bus_append_parse_sec_rename(m, field, eq); |  | ||||||
|   |  | ||||||
|          return 0; |  | ||||||
| @@ -2382,7 +2382,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
 |  | ||||||
|                                "MaxConnections", |  | ||||||
|                                "MaxConnectionsPerSource", |  | ||||||
|                                "KeepAliveProbes", |  | ||||||
| -                              "TriggerLimitBurst"))
 |  | ||||||
| +                              "TriggerLimitBurst",
 |  | ||||||
| +                              "PollLimitBurst"))
 |  | ||||||
|                  return bus_append_safe_atou(m, field, eq); |  | ||||||
|   |  | ||||||
|          if (STR_IN_SET(field, "SocketMode", |  | ||||||
| @@ -2397,7 +2398,8 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
 |  | ||||||
|                                "KeepAliveTimeSec", |  | ||||||
|                                "KeepAliveIntervalSec", |  | ||||||
|                                "DeferAcceptSec", |  | ||||||
| -                              "TriggerLimitIntervalSec"))
 |  | ||||||
| +                              "TriggerLimitIntervalSec",
 |  | ||||||
| +                              "PollLimitIntervalSec"))
 |  | ||||||
|                  return bus_append_parse_sec_rename(m, field, eq); |  | ||||||
|   |  | ||||||
|          if (STR_IN_SET(field, "ReceiveBuffer", |  | ||||||
| @ -1,50 +0,0 @@ | |||||||
| From 537c00c984910f417a2f2d4aad997f822060d4d1 Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Adam Williamson <awilliam@redhat.com> |  | ||||||
| Date: Tue, 19 Sep 2023 16:06:26 -0700 |  | ||||||
| Subject: [PATCH] find_legacy_keymap: extend variant match bonus again |  | ||||||
| 
 |  | ||||||
| If the column is "-" and the X context variant specifer only |  | ||||||
| contains commas, we should also give the match bonus. The variant |  | ||||||
| string is supposed to be a comma-separated list as long as the |  | ||||||
| list of layouts, so it's quite natural for consumers to be written |  | ||||||
| in such a way that they pass a string only containing commas if |  | ||||||
| there are multiple layouts and no variants. anaconda is a real |  | ||||||
| world case that does this. |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Adam Williamson <awilliam@redhat.com> |  | ||||||
| ---
 |  | ||||||
|  src/locale/localed-util.c      | 2 +- |  | ||||||
|  src/locale/test-localed-util.c | 7 +++++++ |  | ||||||
|  2 files changed, 8 insertions(+), 1 deletion(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
 |  | ||||||
| index eba13a2ac3..9b6949e14d 100644
 |  | ||||||
| --- a/src/locale/localed-util.c
 |  | ||||||
| +++ b/src/locale/localed-util.c
 |  | ||||||
| @@ -839,7 +839,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
 |  | ||||||
|                          if (isempty(xc->model) || streq_ptr(xc->model, a[2])) { |  | ||||||
|                                  matching++; |  | ||||||
|   |  | ||||||
| -                                if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) {
 |  | ||||||
| +                                if (streq_ptr(xc->variant, a[3]) || ((isempty(xc->variant) || streq_skip_trailing_chars(xc->variant, "", ",")) && streq(a[3], "-"))) {
 |  | ||||||
|                                          matching++; |  | ||||||
|   |  | ||||||
|                                          if (streq_ptr(xc->options, a[4])) |  | ||||||
| diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
 |  | ||||||
| index f702ff29b0..e92c178a98 100644
 |  | ||||||
| --- a/src/locale/test-localed-util.c
 |  | ||||||
| +++ b/src/locale/test-localed-util.c
 |  | ||||||
| @@ -185,6 +185,13 @@ TEST(x11_convert_to_vconsole) {
 |  | ||||||
|          assert_se(streq(vc.keymap, "bg_bds-utf8")); |  | ||||||
|          vc_context_clear(&vc); |  | ||||||
|   |  | ||||||
| +        /* same, but with variant specified as "," */
 |  | ||||||
| +        log_info("/* test with variant as ',', desired match second (bg,us:) */");
 |  | ||||||
| +        assert_se(free_and_strdup(&xc.variant, ",") >= 0);
 |  | ||||||
| +        assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
 |  | ||||||
| +        assert_se(streq(vc.keymap, "bg_bds-utf8"));
 |  | ||||||
| +        vc_context_clear(&vc);
 |  | ||||||
| +
 |  | ||||||
|          log_info("/* test with old mapping (fr:latin9) */"); |  | ||||||
|          assert_se(free_and_strdup(&xc.layout, "fr") >= 0); |  | ||||||
|          assert_se(free_and_strdup(&xc.variant, "latin9") >= 0); |  | ||||||
| @ -1,58 +0,0 @@ | |||||||
| From a30ae31351ffa701ca860779495d4f52db4c462c Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Adam Williamson <awilliam@redhat.com> |  | ||||||
| Date: Fri, 15 Sep 2023 15:35:36 -0700 |  | ||||||
| Subject: [PATCH 1/2] find_legacy_keymap: fix empty variant matching |  | ||||||
| 
 |  | ||||||
| We should give a match bonus if the X context variant is empty |  | ||||||
| and the xvariant column in kbd-model-map is "-" (which means |  | ||||||
| none). Currently, we don't, which means that if you call this |  | ||||||
| on a context with layouts bg,us and no variant, you get the |  | ||||||
| console layout bg_pho-utf8 instead of bg_bds-utf8 (because both |  | ||||||
| score the same, and the bg_pho-utf8 row comes first). You should |  | ||||||
| get bg_bds-utf8 in this case. |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Adam Williamson <awilliam@redhat.com> |  | ||||||
| ---
 |  | ||||||
|  src/locale/localed-util.c      |  2 +- |  | ||||||
|  src/locale/test-localed-util.c | 12 ++++++++++++ |  | ||||||
|  2 files changed, 13 insertions(+), 1 deletion(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
 |  | ||||||
| index 02fac9786b..6a05b50a31 100644
 |  | ||||||
| --- a/src/locale/localed-util.c
 |  | ||||||
| +++ b/src/locale/localed-util.c
 |  | ||||||
| @@ -825,7 +825,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
 |  | ||||||
|                          if (isempty(xc->model) || streq_ptr(xc->model, a[2])) { |  | ||||||
|                                  matching++; |  | ||||||
|   |  | ||||||
| -                                if (streq_ptr(xc->variant, a[3])) {
 |  | ||||||
| +                                if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) {
 |  | ||||||
|                                          matching++; |  | ||||||
|   |  | ||||||
|                                          if (streq_ptr(xc->options, a[4])) |  | ||||||
| diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
 |  | ||||||
| index cb66dffd48..a19d80a967 100644
 |  | ||||||
| --- a/src/locale/test-localed-util.c
 |  | ||||||
| +++ b/src/locale/test-localed-util.c
 |  | ||||||
| @@ -173,6 +173,18 @@ TEST(x11_convert_to_vconsole) {
 |  | ||||||
|          assert_se(streq(vc.keymap, "es-dvorak")); |  | ||||||
|          vc_context_clear(&vc); |  | ||||||
|   |  | ||||||
| +        /* es no-variant test is not very good as the desired match
 |  | ||||||
| +        comes first in the list so will win if both candidates score
 |  | ||||||
| +        the same. in this case the desired match comes second so will
 |  | ||||||
| +        not win unless we correctly give the no-variant match a bonus
 |  | ||||||
| +        */
 |  | ||||||
| +        log_info("/* test without variant, desired match second (bg,us:) */");
 |  | ||||||
| +        assert_se(free_and_strdup(&xc.layout, "bg,us") >= 0);
 |  | ||||||
| +        assert_se(free_and_strdup(&xc.variant, NULL) >= 0);
 |  | ||||||
| +        assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
 |  | ||||||
| +        assert_se(streq(vc.keymap, "bg_bds-utf8"));
 |  | ||||||
| +        vc_context_clear(&vc);
 |  | ||||||
| +
 |  | ||||||
|          log_info("/* test with old mapping (fr:latin9) */"); |  | ||||||
|          assert_se(free_and_strdup(&xc.layout, "fr") >= 0); |  | ||||||
|          assert_se(free_and_strdup(&xc.variant, "latin9") >= 0); |  | ||||||
| -- 
 |  | ||||||
| 2.41.0 |  | ||||||
| 
 |  | ||||||
| @ -1,25 +0,0 @@ | |||||||
| From ca831de1704f4e28241df513aa89ac465a7c8ab2 Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Adam Williamson <awilliam@redhat.com> |  | ||||||
| Date: Wed, 20 Sep 2023 15:14:31 -0700 |  | ||||||
| Subject: [PATCH] keyboard-model-map: correct sk-qwerty entry |  | ||||||
| 
 |  | ||||||
| qwerty here is a variant, not an option. |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Adam Williamson <awilliam@redhat.com> |  | ||||||
| ---
 |  | ||||||
|  src/locale/kbd-model-map | 2 +- |  | ||||||
|  1 file changed, 1 insertion(+), 1 deletion(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map
 |  | ||||||
| index a145e13ecd..279d1a36d8 100644
 |  | ||||||
| --- a/src/locale/kbd-model-map
 |  | ||||||
| +++ b/src/locale/kbd-model-map
 |  | ||||||
| @@ -52,7 +52,7 @@ es			es	pc105		-		terminate:ctrl_alt_bksp
 |  | ||||||
|  ro-cedilla		ro	pc105		cedilla		terminate:ctrl_alt_bksp |  | ||||||
|  ie			ie	pc105		-		terminate:ctrl_alt_bksp |  | ||||||
|  et			ee	pc105		-		terminate:ctrl_alt_bksp |  | ||||||
| -sk-qwerty		sk	pc105		-		terminate:ctrl_alt_bksp,qwerty
 |  | ||||||
| +sk-qwerty		sk	pc105		qwerty		terminate:ctrl_alt_bksp
 |  | ||||||
|  sk-qwertz		sk	pc105		-		terminate:ctrl_alt_bksp |  | ||||||
|  fr-latin9		fr	pc105		latin9		terminate:ctrl_alt_bksp |  | ||||||
|  fr_CH-latin1		ch	pc105		fr		terminate:ctrl_alt_bksp |  | ||||||
| @ -1,117 +0,0 @@ | |||||||
| From cf649cc21bf997b90606db664d74726fcaf002de Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Adam Williamson <awilliam@redhat.com> |  | ||||||
| Date: Fri, 15 Sep 2023 16:02:29 -0700 |  | ||||||
| Subject: [PATCH 2/2] find_legacy_keymap: try matching with layout order |  | ||||||
|  reversed |  | ||||||
| 
 |  | ||||||
| The lines in kbd-model-map date back to ye olde times (RH's old |  | ||||||
| system-config-keyboard), and I think predate this bug: |  | ||||||
| 
 |  | ||||||
| https://bugzilla.redhat.com/show_bug.cgi?id=1039185 |  | ||||||
| 
 |  | ||||||
| where we got strong feedback that, for 'switched' layout setups |  | ||||||
| like Russian, US English should be the *first* layout and the |  | ||||||
| native layout the *second* one. This is how anaconda and, as of |  | ||||||
| recently, gnome-initial-setup configure such cases - but that |  | ||||||
| means, if we try to use localed to convert these configurations |  | ||||||
| using kbd-model-map, we get the wrong result (we get "us" as the |  | ||||||
| console layout). See also: |  | ||||||
| 
 |  | ||||||
| https://bugzilla.redhat.com/show_bug.cgi?id=1912609 |  | ||||||
| 
 |  | ||||||
| where we first noticed this wasn't working right, but sadly, we |  | ||||||
| 'fixed' it with a not-really-correct bodge in anaconda instead |  | ||||||
| of doing it properly. |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Adam Williamson <awilliam@redhat.com> |  | ||||||
| ---
 |  | ||||||
|  src/locale/localed-util.c      | 44 ++++++++++++++++++++++------------ |  | ||||||
|  src/locale/test-localed-util.c |  5 +++- |  | ||||||
|  2 files changed, 33 insertions(+), 16 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
 |  | ||||||
| index 6a05b50a31..eba13a2ac3 100644
 |  | ||||||
| --- a/src/locale/localed-util.c
 |  | ||||||
| +++ b/src/locale/localed-util.c
 |  | ||||||
| @@ -803,21 +803,35 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
 |  | ||||||
|                          /* If we got an exact match, this is the best */ |  | ||||||
|                          matching = 10; |  | ||||||
|                  else { |  | ||||||
| -                        /* We have multiple X layouts, look for an
 |  | ||||||
| -                         * entry that matches our key with everything
 |  | ||||||
| -                         * but the first layout stripped off. */
 |  | ||||||
| -                        if (startswith_comma(xc->layout, a[1]))
 |  | ||||||
| -                                matching = 5;
 |  | ||||||
| +                        /* see if we get an exact match with the order reversed */
 |  | ||||||
| +                        _cleanup_strv_free_ char **b = NULL;
 |  | ||||||
| +                        _cleanup_free_ char *c = NULL;
 |  | ||||||
| +                        r = strv_split_full(&b, a[1], ",", 0);
 |  | ||||||
| +                        if (r < 0)
 |  | ||||||
| +                                return r;
 |  | ||||||
| +                        strv_reverse(b);
 |  | ||||||
| +                        c = strv_join(b, ",");
 |  | ||||||
| +                        if (!c)
 |  | ||||||
| +                                return log_oom();
 |  | ||||||
| +                        if (streq(xc->layout, c))
 |  | ||||||
| +                                matching = 9;
 |  | ||||||
|                          else { |  | ||||||
| -                                _cleanup_free_ char *x = NULL;
 |  | ||||||
| -
 |  | ||||||
| -                                /* If that didn't work, strip off the
 |  | ||||||
| -                                 * other layouts from the entry, too */
 |  | ||||||
| -                                x = strdupcspn(a[1], ",");
 |  | ||||||
| -                                if (!x)
 |  | ||||||
| -                                        return -ENOMEM;
 |  | ||||||
| -                                if (startswith_comma(xc->layout, x))
 |  | ||||||
| -                                        matching = 1;
 |  | ||||||
| +                                /* We have multiple X layouts, look for an
 |  | ||||||
| +                                 * entry that matches our key with everything
 |  | ||||||
| +                                 * but the first layout stripped off. */
 |  | ||||||
| +                                if (startswith_comma(xc->layout, a[1]))
 |  | ||||||
| +                                        matching = 5;
 |  | ||||||
| +                                else {
 |  | ||||||
| +                                        _cleanup_free_ char *x = NULL;
 |  | ||||||
| +
 |  | ||||||
| +                                        /* If that didn't work, strip off the
 |  | ||||||
| +                                         * other layouts from the entry, too */
 |  | ||||||
| +                                        x = strdupcspn(a[1], ",");
 |  | ||||||
| +                                        if (!x)
 |  | ||||||
| +                                                return -ENOMEM;
 |  | ||||||
| +                                        if (startswith_comma(xc->layout, x))
 |  | ||||||
| +                                                matching = 1;
 |  | ||||||
| +                                }
 |  | ||||||
|                          } |  | ||||||
|                  } |  | ||||||
|   |  | ||||||
| @@ -848,7 +862,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
 |  | ||||||
|                  } |  | ||||||
|          } |  | ||||||
|   |  | ||||||
| -        if (best_matching < 10 && !isempty(xc->layout)) {
 |  | ||||||
| +        if (best_matching < 9 && !isempty(xc->layout)) {
 |  | ||||||
|                  _cleanup_free_ char *l = NULL, *v = NULL, *converted = NULL; |  | ||||||
|   |  | ||||||
|                  /* The best match is only the first part of the X11 |  | ||||||
| diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
 |  | ||||||
| index a19d80a967..f702ff29b0 100644
 |  | ||||||
| --- a/src/locale/test-localed-util.c
 |  | ||||||
| +++ b/src/locale/test-localed-util.c
 |  | ||||||
| @@ -192,11 +192,14 @@ TEST(x11_convert_to_vconsole) {
 |  | ||||||
|          assert_se(streq(vc.keymap, "fr-latin9")); |  | ||||||
|          vc_context_clear(&vc); |  | ||||||
|   |  | ||||||
| +        /* https://bugzilla.redhat.com/show_bug.cgi?id=1039185 */
 |  | ||||||
| +        /* us,ru is the x config users want, but they still want ru
 |  | ||||||
| +        as the console layout in this case */
 |  | ||||||
|          log_info("/* test with a compound mapping (us,ru:) */"); |  | ||||||
|          assert_se(free_and_strdup(&xc.layout, "us,ru") >= 0); |  | ||||||
|          assert_se(free_and_strdup(&xc.variant, NULL) >= 0); |  | ||||||
|          assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0); |  | ||||||
| -        assert_se(streq(vc.keymap, "us"));
 |  | ||||||
| +        assert_se(streq(vc.keymap, "ru"));
 |  | ||||||
|          vc_context_clear(&vc); |  | ||||||
|   |  | ||||||
|          log_info("/* test with a compound mapping (ru,us:) */"); |  | ||||||
| -- 
 |  | ||||||
| 2.41.0 |  | ||||||
| 
 |  | ||||||
| @ -1,80 +0,0 @@ | |||||||
| From f6b09a2ed646f0a0b54605d4c19a898ab2bbf192 Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Lennart Poettering <lennart@poettering.net> |  | ||||||
| Date: Mon, 18 Sep 2023 17:51:49 +0200 |  | ||||||
| Subject: [PATCH 2/3] man: document the new |  | ||||||
|  PollLimitIntervalSec=/PollLimitBurst= settings |  | ||||||
| 
 |  | ||||||
| (cherry picked from commit 9373fce68de183a615d44fe100dcf22e3c9b8c3e) |  | ||||||
| ---
 |  | ||||||
|  man/systemd.socket.xml | 58 ++++++++++++++++++++++++++++++++++-------- |  | ||||||
|  1 file changed, 47 insertions(+), 11 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
 |  | ||||||
| index 45555302f1..462978d438 100644
 |  | ||||||
| --- a/man/systemd.socket.xml
 |  | ||||||
| +++ b/man/systemd.socket.xml
 |  | ||||||
| @@ -830,17 +830,53 @@
 |  | ||||||
|          <term><varname>TriggerLimitIntervalSec=</varname></term> |  | ||||||
|          <term><varname>TriggerLimitBurst=</varname></term> |  | ||||||
|   |  | ||||||
| -        <listitem><para>Configures a limit on how often this socket unit may be activated within a specific time
 |  | ||||||
| -        interval. The <varname>TriggerLimitIntervalSec=</varname> may be used to configure the length of the time
 |  | ||||||
| -        interval in the usual time units <literal>us</literal>, <literal>ms</literal>, <literal>s</literal>,
 |  | ||||||
| -        <literal>min</literal>, <literal>h</literal>, … and defaults to 2s (See
 |  | ||||||
| -        <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details on
 |  | ||||||
| -        the various time units understood). The <varname>TriggerLimitBurst=</varname> setting takes a positive integer
 |  | ||||||
| -        value and specifies the number of permitted activations per time interval, and defaults to 200 for
 |  | ||||||
| -        <varname>Accept=yes</varname> sockets (thus by default permitting 200 activations per 2s), and 20 otherwise (20
 |  | ||||||
| -        activations per 2s). Set either to 0 to disable any form of trigger rate limiting. If the limit is hit, the
 |  | ||||||
| -        socket unit is placed into a failure mode, and will not be connectible anymore until restarted. Note that this
 |  | ||||||
| -        limit is enforced before the service activation is enqueued.</para></listitem>
 |  | ||||||
| +        <listitem><para>Configures a limit on how often this socket unit may be activated within a specific
 |  | ||||||
| +        time interval. The <varname>TriggerLimitIntervalSec=</varname> setting may be used to configure the
 |  | ||||||
| +        length of the time interval in the usual time units <literal>us</literal>, <literal>ms</literal>,
 |  | ||||||
| +        <literal>s</literal>, <literal>min</literal>, <literal>h</literal>, … and defaults to 2s (See
 |  | ||||||
| +        <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
 |  | ||||||
| +        details on the various time units understood). The <varname>TriggerLimitBurst=</varname> setting
 |  | ||||||
| +        takes a positive integer value and specifies the number of permitted activations per time interval,
 |  | ||||||
| +        and defaults to 200 for <varname>Accept=yes</varname> sockets (thus by default permitting 200
 |  | ||||||
| +        activations per 2s), and 20 otherwise (20 activations per 2s). Set either to 0 to disable any form of
 |  | ||||||
| +        trigger rate limiting.</para>
 |  | ||||||
| +
 |  | ||||||
| +        <para>If the limit is hit, the socket unit is placed into a failure mode, and will not be connectible
 |  | ||||||
| +        anymore until restarted. Note that this limit is enforced before the service activation is
 |  | ||||||
| +        enqueued.</para>
 |  | ||||||
| +
 |  | ||||||
| +        <para>Compare with <varname>PollLimitIntervalSec=</varname>/<varname>PollLimitBurst=</varname>
 |  | ||||||
| +        described below, which implements a temporary slowdown if a socket unit is flooded with incoming
 |  | ||||||
| +        traffic, as opposed to the permanent failure state
 |  | ||||||
| +        <varname>TriggerLimitIntervalSec=</varname>/<varname>TriggerLimitBurst=</varname> results in.</para>
 |  | ||||||
| +        </listitem>
 |  | ||||||
| +      </varlistentry>
 |  | ||||||
| +
 |  | ||||||
| +      <varlistentry>
 |  | ||||||
| +        <term><varname>PollLimitIntervalSec=</varname></term>
 |  | ||||||
| +        <term><varname>PollLimitBurst=</varname></term>
 |  | ||||||
| +
 |  | ||||||
| +        <listitem><para>Configures a limit on how often polling events on the file descriptors backing this
 |  | ||||||
| +        socket unit will be considered. This pair of settings is similar to
 |  | ||||||
| +        <varname>TriggerLimitIntervalSec=</varname>/<varname>TriggerLimitBurst=</varname> but instead of
 |  | ||||||
| +        putting a (fatal) limit on the activation frequency puts a (transient) limit on the polling
 |  | ||||||
| +        frequency. The expected parameter syntax and range are identical to that of the aforementioned
 |  | ||||||
| +        options, and can be disabled the same way.</para>
 |  | ||||||
| +
 |  | ||||||
| +        <para>If the polling limit is hit polling is temporarily disabled on it until the specified time
 |  | ||||||
| +        window passes. The polling limit hence slows down connection attempts if hit, but unlike the trigger
 |  | ||||||
| +        limit won't cause permanent failures. It's the recommended mechanism to deal with DoS attempts
 |  | ||||||
| +        through packet flooding.</para>
 |  | ||||||
| +
 |  | ||||||
| +        <para>The polling limit is enforced per file descriptor to listen on, as opposed to the trigger limit
 |  | ||||||
| +        which is enforced for the entire socket unit. This distinction matters for socket units that listen
 |  | ||||||
| +        on multiple file descriptors (i.e. have multiple <varname>ListenXYZ=</varname> stanzas).</para>
 |  | ||||||
| +
 |  | ||||||
| +        <para>These setting defaults to 150 (in case of <varname>Accept=yes</varname>) and 15 (otherwise)
 |  | ||||||
| +        polling events per 2s. This is considerably lower than the default values for the trigger limit (see
 |  | ||||||
| +        above) and means that the polling limit should typically ensure the trigger limit is never hit,
 |  | ||||||
| +        unless one of them is reconfigured or disabled.</para>
 |  | ||||||
| +        </listitem>
 |  | ||||||
|        </varlistentry> |  | ||||||
|   |  | ||||||
|      </variablelist> |  | ||||||
| @ -1,79 +0,0 @@ | |||||||
| From ae92a9714744bbf92fe69ffe276a668b031a6d26 Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Lennart Poettering <lennart@poettering.net> |  | ||||||
| Date: Mon, 18 Sep 2023 18:05:27 +0200 |  | ||||||
| Subject: [PATCH 3/3] ci: add test for poll limit |  | ||||||
| 
 |  | ||||||
| (cherry picked from commit 065e478a4a8cc8e41a6e87756c081396f253e853) |  | ||||||
| ---
 |  | ||||||
|  test/TEST-07-PID1/test.sh             |  2 ++ |  | ||||||
|  test/units/testsuite-07.poll-limit.sh | 48 +++++++++++++++++++++++++++ |  | ||||||
|  2 files changed, 50 insertions(+) |  | ||||||
|  create mode 100755 test/units/testsuite-07.poll-limit.sh |  | ||||||
| 
 |  | ||||||
| diff --git a/test/TEST-07-PID1/test.sh b/test/TEST-07-PID1/test.sh
 |  | ||||||
| index 1c3d7137fe..d0e35d870f 100755
 |  | ||||||
| --- a/test/TEST-07-PID1/test.sh
 |  | ||||||
| +++ b/test/TEST-07-PID1/test.sh
 |  | ||||||
| @@ -32,6 +32,8 @@ Alias=issue2730-alias.mount
 |  | ||||||
|  EOF |  | ||||||
|      "${SYSTEMCTL:?}" enable --root="$workspace" issue2730.mount |  | ||||||
|      ln -svrf "$workspace/etc/systemd/system/issue2730.mount" "$workspace/etc/systemd/system/issue2730-alias.mount" |  | ||||||
| +
 |  | ||||||
| +    image_install logger
 |  | ||||||
|  } |  | ||||||
|   |  | ||||||
|  do_test "$@" |  | ||||||
| diff --git a/test/units/testsuite-07.poll-limit.sh b/test/units/testsuite-07.poll-limit.sh
 |  | ||||||
| new file mode 100755 |  | ||||||
| index 0000000000..480d7ee8df
 |  | ||||||
| --- /dev/null
 |  | ||||||
| +++ b/test/units/testsuite-07.poll-limit.sh
 |  | ||||||
| @@ -0,0 +1,48 @@
 |  | ||||||
| +#!/usr/bin/env bash
 |  | ||||||
| +# SPDX-License-Identifier: LGPL-2.1-or-later
 |  | ||||||
| +set -eux
 |  | ||||||
| +set -o pipefail
 |  | ||||||
| +
 |  | ||||||
| +systemd-analyze log-level debug
 |  | ||||||
| +
 |  | ||||||
| +cat > /run/systemd/system/floodme@.service <<EOF
 |  | ||||||
| +[Service]
 |  | ||||||
| +ExecStart=/bin/true
 |  | ||||||
| +EOF
 |  | ||||||
| +
 |  | ||||||
| +cat > /run/systemd/system/floodme.socket <<EOF
 |  | ||||||
| +[Socket]
 |  | ||||||
| +ListenStream=/tmp/floodme
 |  | ||||||
| +PollLimitIntervalSec=10s
 |  | ||||||
| +Accept=yes
 |  | ||||||
| +PollLimitBurst=3
 |  | ||||||
| +EOF
 |  | ||||||
| +
 |  | ||||||
| +systemctl daemon-reload
 |  | ||||||
| +systemctl start floodme.socket
 |  | ||||||
| +
 |  | ||||||
| +START=$(date +%s%N)
 |  | ||||||
| +
 |  | ||||||
| +# Trigger this 100 times in a flood
 |  | ||||||
| +for (( i=0 ; i < 100; i++ )) ; do
 |  | ||||||
| +    logger -u /tmp/floodme foo &
 |  | ||||||
| +done
 |  | ||||||
| +
 |  | ||||||
| +# Let some time pass
 |  | ||||||
| +sleep 5
 |  | ||||||
| +
 |  | ||||||
| +END=$(date +%s%N)
 |  | ||||||
| +
 |  | ||||||
| +PASSED=$((END-START))
 |  | ||||||
| +
 |  | ||||||
| +# Calculate (round up) how many trigger events could have happened in the passed time
 |  | ||||||
| +MAXCOUNT=$(((PASSED+10000000000)*3/10000000000))
 |  | ||||||
| +
 |  | ||||||
| +# We started 100 connection attempts, but only 3 should have gone through, as per limit
 |  | ||||||
| +test "$(systemctl show -P NAccepted floodme.socket)" -le "$MAXCOUNT"
 |  | ||||||
| +
 |  | ||||||
| +systemctl stop floodme.socket floodme@*.service
 |  | ||||||
| +
 |  | ||||||
| +rm /run/systemd/system/floodme@.service /run/systemd/system/floodme.socket /tmp/floodme
 |  | ||||||
| +
 |  | ||||||
| +systemctl daemon-reload
 |  | ||||||
| @ -1,94 +0,0 @@ | |||||||
| From 631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa Mon Sep 17 00:00:00 2001 |  | ||||||
| From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> |  | ||||||
| Date: Wed, 26 Jul 2023 09:02:04 +0200 |  | ||||||
| Subject: [PATCH] rpm: add %systemd_postun_with_reload and |  | ||||||
|  %systemd_user_postun_with_reload |  | ||||||
| 
 |  | ||||||
| For some units, the package would like to issue a reload. The machinery was |  | ||||||
| already in place since c9615f73521986b3607b852c139036d58973043c: |  | ||||||
| 
 |  | ||||||
|   systemctl reload-or-restart --marked |  | ||||||
| 
 |  | ||||||
|   Enqueues restart jobs for all units that have the 'needs-restart' |  | ||||||
|   mark, and reload jobs for units that have the 'needs-reload' mark. |  | ||||||
|   When a unit marked for reload does not support reload, restart will |  | ||||||
|   be queued. |  | ||||||
| 
 |  | ||||||
| The new macros allow a reload to be issued instead of a restart. |  | ||||||
| 
 |  | ||||||
| Based on the discussion on fedora-devel: |  | ||||||
| https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/IJSUGIEJNYZZRE53FF4YFUEBRHRAVIXR/ |  | ||||||
| 
 |  | ||||||
| Tested using dummy package https://github.com/keszybz/rpm-test-reload. |  | ||||||
| ---
 |  | ||||||
|  src/rpm/macros.systemd.in        | 16 ++++++++++++++++ |  | ||||||
|  src/rpm/systemd-update-helper.in | 22 ++++++++++++++++++++++ |  | ||||||
|  2 files changed, 38 insertions(+) |  | ||||||
| 
 |  | ||||||
| diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in
 |  | ||||||
| index c07541c7286c..f05553f557e9 100644
 |  | ||||||
| --- a/src/rpm/macros.systemd.in
 |  | ||||||
| +++ b/src/rpm/macros.systemd.in
 |  | ||||||
| @@ -101,6 +101,22 @@ if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
 |  | ||||||
|  fi \ |  | ||||||
|  %{nil} |  | ||||||
|   |  | ||||||
| +%systemd_postun_with_reload() \
 |  | ||||||
| +%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_reload}} \
 |  | ||||||
| +if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
 |  | ||||||
| +    # Package upgrade, not uninstall \
 |  | ||||||
| +    {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-system-units %{?*} || : \
 |  | ||||||
| +fi \
 |  | ||||||
| +%{nil}
 |  | ||||||
| +
 |  | ||||||
| +%systemd_user_postun_with_reload() \
 |  | ||||||
| +%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_reload}} \
 |  | ||||||
| +if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
 |  | ||||||
| +    # Package upgrade, not uninstall \
 |  | ||||||
| +    {{SYSTEMD_UPDATE_HELPER_PATH}} mark-reload-user-units %{?*} || : \
 |  | ||||||
| +fi \
 |  | ||||||
| +%{nil}
 |  | ||||||
| +
 |  | ||||||
|  %udev_hwdb_update() %{nil} |  | ||||||
|   |  | ||||||
|  %udev_rules_update() %{nil} |  | ||||||
| diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in
 |  | ||||||
| index c623a5ea1722..c81e16c3d3ff 100755
 |  | ||||||
| --- a/src/rpm/systemd-update-helper.in
 |  | ||||||
| +++ b/src/rpm/systemd-update-helper.in
 |  | ||||||
| @@ -47,6 +47,15 @@ case "$command" in
 |  | ||||||
|          wait |  | ||||||
|          ;; |  | ||||||
|   |  | ||||||
| +    mark-reload-system-units)
 |  | ||||||
| +        [ -d /run/systemd/system ] || exit 0
 |  | ||||||
| +
 |  | ||||||
| +        for unit in "$@"; do
 |  | ||||||
| +            systemctl set-property "$unit" Markers=+needs-reload &
 |  | ||||||
| +        done
 |  | ||||||
| +        wait
 |  | ||||||
| +        ;;
 |  | ||||||
| +
 |  | ||||||
|      mark-restart-user-units) |  | ||||||
|          [ -d /run/systemd/system ] || exit 0 |  | ||||||
|   |  | ||||||
| @@ -60,6 +69,19 @@ case "$command" in
 |  | ||||||
|          wait |  | ||||||
|          ;; |  | ||||||
|   |  | ||||||
| +    mark-reload-user-units)
 |  | ||||||
| +        [ -d /run/systemd/system ] || exit 0
 |  | ||||||
| +
 |  | ||||||
| +        users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p')
 |  | ||||||
| +        for user in $users; do
 |  | ||||||
| +            for unit in "$@"; do
 |  | ||||||
| +                SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \
 |  | ||||||
| +                        systemctl --user -M "$user@" set-property "$unit" Markers=+needs-reload &
 |  | ||||||
| +            done
 |  | ||||||
| +        done
 |  | ||||||
| +        wait
 |  | ||||||
| +        ;;
 |  | ||||||
| +
 |  | ||||||
|      system-reload-restart|system-reload|system-restart) |  | ||||||
|          if [ -n "$*" ]; then |  | ||||||
|              echo "Unexpected arguments for '$command': $*" |  | ||||||
							
								
								
									
									
									
									
									
									
								
							
							
						
						
									
										2
									
								
								sources
									
									
									
									
									
								
							| @ -1 +1 @@ | |||||||
| SHA512 (systemd-254.5.tar.gz) = 8e9b4f802c4da2a0dea6028df78d20de5d96802d8f614d0392e89dea605cdd8d9c1724ce3ea382378d582402646f8bea2ffcd55a84262461721ee3f691105b7a | SHA512 (systemd-255-rc1.tar.gz) = 3a92f59af54e0f4988304daa9d1d186554cd07f5ebc95ab17d2d6c1cb37caf7b329e8eca67eb7349aed2f425341ef2b79e2469156a26b6e2436b900b2136f824 | ||||||
|  | |||||||
| @ -150,7 +150,7 @@ for file in files(buildroot): | |||||||
|                        integritytab| |                        integritytab| | ||||||
|                        remount-fs| |                        remount-fs| | ||||||
|                        /initrd| |                        /initrd| | ||||||
|                        systemd-pcrphase| |                        systemd-pcr| | ||||||
|                        systemd-measure| |                        systemd-measure| | ||||||
|                        /boot$| |                        /boot$| | ||||||
|                        /kernel/| |                        /kernel/| | ||||||
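Review bot: The new alternative `systemd-pcr|` carries no comment saying it is meant as a prefix, and as an unanchored substring it now selects every path containing `systemd-pcr` (pcrphase, pcrlock, and anything later releases add under that name) rather than one named tool. The commit description says that is the intent, so I would record it next to the pattern, e.g. `# systemd-pcr*: all PCR measurement binaries and units stay together in -udev`. The pattern and the branch that consumes it begin and end outside this hunk, so which subpackage the match selects is inferred from the description rather than visible here.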
|  | |||||||
							
								
								
									
									
									
									
									
									
								
							
							
						
						
									
										116
									
								
								systemd.spec
									
									
									
									
									
								
							| @ -35,7 +35,7 @@ | |||||||
| Name:           systemd | Name:           systemd | ||||||
| Url:            https://systemd.io | Url:            https://systemd.io | ||||||
| %if %{without inplace} | %if %{without inplace} | ||||||
| Version:        254.5 | Version:        255~rc1 | ||||||
| %else | %else | ||||||
| # determine the build information from local checkout | # determine the build information from local checkout | ||||||
| Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') | Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/') | ||||||
| @ -104,21 +104,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ | |||||||
| # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 | # https://bugzilla.redhat.com/show_bug.cgi?id=2164404 | ||||||
| Patch0001:      https://github.com/systemd/systemd/pull/26494.patch | Patch0001:      https://github.com/systemd/systemd/pull/26494.patch | ||||||
| 
 | 
 | ||||||
| # Backport of patches that allow reloading of units |  | ||||||
| Patch0002:      https://github.com/systemd/systemd/pull/28521/commits/631d2b05ec5195d1f8f8fbff8a2dfcbf23d0b7aa.patch |  | ||||||
| 
 |  | ||||||
| # Backport of improvements to console keyboard layout guessing |  | ||||||
| # https://github.com/systemd/systemd/pull/29215 |  | ||||||
| # https://bugzilla.redhat.com/show_bug.cgi?id=1912609 |  | ||||||
| Patch0003:      0001-find_legacy_keymap-fix-empty-variant-matching.patch |  | ||||||
| Patch0004:      0002-find_legacy_keymap-try-matching-with-layout-order-re.patch |  | ||||||
| Patch0005:      0001-find_legacy_keymap-extend-variant-match-bonus-again.patch |  | ||||||
| Patch0006:      0001-keyboard-model-map-correct-sk-qwerty-entry.patch |  | ||||||
| 
 |  | ||||||
| # Requested as an alternative to https://fedoraproject.org/wiki/Changes/Drop_Sshd_Socket |  | ||||||
| Patch0010:      0001-core-add-new-PollLimit-settings-to-.socket-units.patch |  | ||||||
| Patch0011:      0002-man-document-the-new-PollLimitIntervalSec-PollLimitB.patch |  | ||||||
| Patch0012:      0003-ci-add-test-for-poll-limit.patch |  | ||||||
| 
 | 
 | ||||||
| # Those are downstream-only patches, but we don't want them in packit builds: | # Those are downstream-only patches, but we don't want them in packit builds: | ||||||
| # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 | # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 | ||||||
| @ -128,7 +113,7 @@ Patch0490:      use-bfq-scheduler.patch | |||||||
| Patch0491:      fedora-use-system-auth-in-pam-systemd-user.patch | Patch0491:      fedora-use-system-auth-in-pam-systemd-user.patch | ||||||
| 
 | 
 | ||||||
| %ifarch %{ix86} x86_64 aarch64 | %ifarch %{ix86} x86_64 aarch64 | ||||||
| %global have_gnu_efi 1 | %global want_bootloader 1 | ||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
| BuildRequires:  gcc | BuildRequires:  gcc | ||||||
| @ -204,6 +189,9 @@ BuildRequires:  python3dist(pytest-flakes) | |||||||
| %endif | %endif | ||||||
| BuildRequires:  python3dist(pytest) | BuildRequires:  python3dist(pytest) | ||||||
| BuildRequires:  python3dist(zstd) | BuildRequires:  python3dist(zstd) | ||||||
|  | %if 0%{?want_bootloader} | ||||||
|  | BuildRequires:  python3dist(pyelftools) | ||||||
|  | %endif | ||||||
| # gzip and lzma are provided by the stdlib | # gzip and lzma are provided by the stdlib | ||||||
| BuildRequires:  firewalld-filesystem | BuildRequires:  firewalld-filesystem | ||||||
| BuildRequires:  libseccomp-devel | BuildRequires:  libseccomp-devel | ||||||
| @ -408,7 +396,7 @@ This package also provides systemd-timesyncd, a network time protocol daemon. | |||||||
| It also contains tools to manage encrypted home areas and secrets bound to the | It also contains tools to manage encrypted home areas and secrets bound to the | ||||||
| machine, and to create or grow partitions and make file systems automatically. | machine, and to create or grow partitions and make file systems automatically. | ||||||
| 
 | 
 | ||||||
| %if 0%{?have_gnu_efi} | %if 0%{?want_bootloader} | ||||||
| %package ukify | %package ukify | ||||||
| Summary:        Tool to build Unified Kernel Images | Summary:        Tool to build Unified Kernel Images | ||||||
| Requires:       %{name} = %{version}-%{release} | Requires:       %{name} = %{version}-%{release} | ||||||
| @ -576,16 +564,6 @@ package and is meant for use in exitrds. | |||||||
| %prep | %prep | ||||||
| %autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1 | %autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1 | ||||||
| 
 | 
 | ||||||
| %generate_buildrequires |  | ||||||
| %if 0%{?have_gnu_efi} |  | ||||||
| if grep -q gnu-efi meson_options.txt; then |  | ||||||
|   echo 'gnu-efi' |  | ||||||
|   echo 'gnu-efi-devel' |  | ||||||
| else |  | ||||||
|   echo 'python3dist(pyelftools)' |  | ||||||
| fi |  | ||||||
| %endif |  | ||||||
| 
 |  | ||||||
| %build | %build | ||||||
| %global ntpvendor %(source /etc/os-release; echo ${ID}) | %global ntpvendor %(source /etc/os-release; echo ${ID}) | ||||||
| %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} | %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} | ||||||
| @ -599,44 +577,44 @@ CONFIGURE_OPTS=( | |||||||
|         -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin |         -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin | ||||||
|         -Dservice-watchdog= |         -Dservice-watchdog= | ||||||
|         -Ddev-kvm-mode=0666 |         -Ddev-kvm-mode=0666 | ||||||
|         -Dkmod=true |         -Dkmod=enabled | ||||||
|         -Dxkbcommon=true |         -Dxkbcommon=enabled | ||||||
|         -Dblkid=true |         -Dblkid=enabled | ||||||
|         -Dfdisk=true |         -Dfdisk=enabled | ||||||
|         -Dseccomp=true |         -Dseccomp=enabled | ||||||
|         -Dima=true |         -Dima=true | ||||||
|         -Dselinux=true |         -Dselinux=enabled | ||||||
|         -Dbpf-framework=%[0%{?have_bpf}?"true":"false"] |         -Dbpf-framework=%[0%{?have_bpf}?"enabled":"disabled"] | ||||||
|         -Dapparmor=false |         -Dapparmor=disabled | ||||||
|         -Dpolkit=true |         -Dpolkit=enabled | ||||||
|         -Dxz=%[%{with xz}?"true":"false"] |         -Dxz=%[%{with xz}?"enabled":"disabled"] | ||||||
|         -Dzlib=%[%{with zlib}?"true":"false"] |         -Dzlib=%[%{with zlib}?"enabled":"disabled"] | ||||||
|         -Dbzip2=%[%{with bzip2}?"true":"false"] |         -Dbzip2=%[%{with bzip2}?"enabled":"disabled"] | ||||||
|         -Dlz4=%[%{with lz4}?"true":"false"] |         -Dlz4=%[%{with lz4}?"enabled":"disabled"] | ||||||
|         -Dzstd=%[%{with zstd}?"true":"false"] |         -Dzstd=%[%{with zstd}?"enabled":"disabled"] | ||||||
|         -Dpam=true |         -Dpam=enabled | ||||||
|         -Dacl=true |         -Dacl=enabled | ||||||
|         -Dsmack=true |         -Dsmack=true | ||||||
|         -Dopenssl=true |         -Dopenssl=enabled | ||||||
|         -Dcryptolib=openssl |         -Dcryptolib=openssl | ||||||
|         -Dp11kit=true |         -Dp11kit=enabled | ||||||
|         -Dgcrypt=false |         -Dgcrypt=disabled | ||||||
|         -Daudit=true |         -Daudit=enabled | ||||||
|         -Delfutils=true |         -Delfutils=enabled | ||||||
|         -Dlibcryptsetup=%[%{with bootstrap}?"false":"true"] |         -Dlibcryptsetup=%[%{with bootstrap}?"disabled":"enabled"] | ||||||
|         -Delfutils=true |         -Delfutils=enabled | ||||||
|         -Dpwquality=true |         -Dpwquality=enabled | ||||||
|         -Dqrencode=%[%{defined rhel}?"false":"true"] |         -Dqrencode=%[%{defined rhel}?"disabled":"enabled"] | ||||||
|         -Dgnutls=%[%{with gnutls}?"true":"false"] |         -Dgnutls=%[%{with gnutls}?"enabled":"disabled"] | ||||||
|         -Dmicrohttpd=true |         -Dmicrohttpd=enabled | ||||||
|         -Dlibidn2=true |         -Dlibidn2=enabled | ||||||
|         -Dlibiptc=false |         -Dlibiptc=false | ||||||
|         -Dlibcurl=true |         -Dlibcurl=enabled | ||||||
|         -Dlibfido2=true |         -Dlibfido2=enabled | ||||||
|         -Dxenctrl=%[0%{?have_xen}?"true":"false"] |         -Dxenctrl=%[0%{?have_xen}?"enabled":"disabled"] | ||||||
|         -Defi=true |         -Defi=true | ||||||
|         -Dtpm=true |         -Dtpm=true | ||||||
|         -Dtpm2=true |         -Dtpm2=enabled | ||||||
|         -Dhwdb=true |         -Dhwdb=true | ||||||
|         -Dsysusers=true |         -Dsysusers=true | ||||||
|         -Dstandalone-binaries=true |         -Dstandalone-binaries=true | ||||||
| @ -653,7 +631,7 @@ CONFIGURE_OPTS=( | |||||||
|         -Dsplit-bin=true |         -Dsplit-bin=true | ||||||
|         -Db_lto=%[%{with lto}?"true":"false"] |         -Db_lto=%[%{with lto}?"true":"false"] | ||||||
|         -Db_ndebug=false |         -Db_ndebug=false | ||||||
|         -Dman=true |         -Dman=enabled | ||||||
|         -Dversion-tag=%{version}-%{release} |         -Dversion-tag=%{version}-%{release} | ||||||
|         # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 |         # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 | ||||||
|         -Dshared-lib-tag=%{version_no_tilde}-%{release} |         -Dshared-lib-tag=%{version_no_tilde}-%{release} | ||||||
| @ -690,21 +668,15 @@ CONFIGURE_OPTS=( | |||||||
|         -Dsystemd-network-uid=192 |         -Dsystemd-network-uid=192 | ||||||
|         -Dsystemd-resolve-uid=193 |         -Dsystemd-resolve-uid=193 | ||||||
|         # -Dsystemd-timesync-uid=, not set yet |         # -Dsystemd-timesync-uid=, not set yet | ||||||
| ) |  | ||||||
| 
 | 
 | ||||||
| if grep gnu-efi meson_options.txt; then |  | ||||||
|   CONFIGURE_OPTS+=( -Dgnu-efi=%[%{?have_gnu_efi}?"true":"false"] ) |  | ||||||
| else |  | ||||||
|         # For now, let's build the bootloader in the same places where we |         # For now, let's build the bootloader in the same places where we | ||||||
|         # built with gnu-efi. Later on, we might want to extend coverage, but |         # built with gnu-efi. Later on, we might want to extend coverage, but | ||||||
|         # considering that that support is untested, let's not do this now. |         # considering that that support is untested, let's not do this now. | ||||||
|         # Note, ukify requires bootloader, let's also explicitly enable/disable it |         # Note, ukify requires bootloader, let's also explicitly enable/disable it | ||||||
|         # here for https://github.com/systemd/systemd/pull/24175. |         # here for https://github.com/systemd/systemd/pull/24175. | ||||||
|   CONFIGURE_OPTS+=( |         -Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"] | ||||||
|         -Dbootloader=%[%{?have_gnu_efi}?"true":"false"] |         -Dukify=%[%{?want_bootloader}?"enabled":"disabled"] | ||||||
|         -Dukify=%[%{?have_gnu_efi}?"true":"false"] | ) | ||||||
|   ) |  | ||||||
| fi |  | ||||||
| 
 | 
 | ||||||
| %if %{without lto} | %if %{without lto} | ||||||
| %global _lto_cflags %nil | %global _lto_cflags %nil | ||||||
| @ -994,7 +966,7 @@ systemctl --no-reload preset systemd-oomd.service &>/dev/null || : | |||||||
| # a different package version. | # a different package version. | ||||||
| systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : | systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || : | ||||||
| 
 | 
 | ||||||
| %global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target | %global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?want_bootloader:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target | ||||||
| 
 | 
 | ||||||
| %post udev | %post udev | ||||||
| # Move old stuff around in /var/lib | # Move old stuff around in /var/lib | ||||||
| @ -1172,7 +1144,7 @@ fi | |||||||
| 
 | 
 | ||||||
| %files udev -f .file-list-udev | %files udev -f .file-list-udev | ||||||
| 
 | 
 | ||||||
| %if 0%{?have_gnu_efi} | %if 0%{?want_bootloader} | ||||||
| %files ukify -f .file-list-ukify | %files ukify -f .file-list-ukify | ||||||
| %files boot-unsigned -f .file-list-boot | %files boot-unsigned -f .file-list-boot | ||||||
| %endif | %endif | ||||||
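Review bot: The switch from `true`/`false` to `enabled`/`disabled` in `CONFIGURE_OPTS` is not carried through consistently: `-Dlibiptc=false` keeps the boolean spelling among the converted library options, and `-Delfutils=enabled` is still passed twice. If `libiptc` is one of the options that became a meson feature in 255 (not visible on this page), write `-Dlibiptc=disabled`; the second `-Delfutils=enabled` can be dropped either way. For the options that stay boolean on purpose (`-Dima=true`, `-Dsmack=true`, `-Defi=true`, `-Dtpm=true`), a one-line comment such as `# still plain boolean options upstream, not features` would keep the next rebase from "fixing" them. The array opens above the first of these hunks and closes in a later one.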
|  | |||||||